Kiltz, StefanHildebrandt, MarioAltschaffel, RobertDittmann, JanaFreiling, Felix C.2019-01-172019-01-172010978-3-88579-264-2https://dl.gi.de/handle/20.500.12116/19803In this paper we introduce a prototype that is designed to produce forensic sound network data recordings using inexpensive hardand software, the Linux Forensic Transparent Bridge (LFTB). It supports the investigation of the network communication parameters and the investigation of the payload of network data. The basis for the LFTB is a self-developed model of the forensic process which also addresses forensically relevant data types and considerations for the design of forensic software using software engineering techniques. LFTB gathers forensic evidence to support cases such as malfunctioning hardand software and for investigating malicious activity. In the latter application the stealthy design of the proposed device is beneficial. Experiments as part of a first evaluation show its usability in a support case and a malicious activity scenario. Effects to latency and throughput were tested and limitations for packet recording analysed. A live monitoring scheme warning about potential packet loss endangering evidence has been implemented.enIT-forensicsnetwork securityreactive securityintrusion detectionText/Conference Paper1617-5468